Skip to content

update #3887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
JayHrn wants to merge 2 commits into from
Closed

update #3887

JayHrn wants to merge 2 commits into from
+1 −1

Conversation

@JayHrn
Copy link

@JayHrn JayHrn commented Dec 13, 2025

No description provided.

vercel bot and others added 2 commits December 13, 2025 17:17
@vercel
Fix React Server Components CVE vulnerabilities
8c3f759 
Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel  
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
@JayHrn
Merge pull request #1 from JayHrn/vercel/react-server-components-cve-…
d8664f3 
…vu-lfa1wo

Fix React Server Components CVE vulnerabilities
@vercel
Copy link

vercel bot commented Dec 13, 2025

@JayHrn is attempting to deploy a commit to the umami-software Team on Vercel.

A member of the Team first needs to authorize it.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Dec 13, 2025

Greptile Overview

Greptile Summary

This PR updates the Next.js dependency from version 15.0.4 to 15.0.7, representing a patch-level version bump. This is a routine maintenance update that brings in the latest bug fixes and security patches within the same minor version line. The change aligns with semantic versioning best practices, ensuring the Umami web analytics application benefits from improved stability without introducing breaking changes. Since this is a patch update within the 15.0.x series, it maintains API compatibility while incorporating incremental improvements to the core Next.js framework that powers the application's server-side rendering and build system.

Important Files Changed

Filename Score Overview
package.json 5/5 Updated Next.js dependency from 15.0.4 to 15.0.7 for latest patches

Confidence score: 5/5

  • This PR is safe to merge with minimal risk
  • Score reflects a simple patch-level dependency update with no breaking changes or complex logic modifications
  • No files require special attention

greptile-apps[bot]
greptile-apps bot reviewed Dec 13, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@mikecao
Copy link
Collaborator

mikecao commented Jan 7, 2026

Next already updated.

@mikecao mikecao closed this Jan 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JayHrn @mikecao